skid2964 Posted May 9, 2018 ID:1241270 Share Posted May 9, 2018 I have a strange problem on one of my computers, apparently it was or is infected and files that were accessed during this are now apparently encrypted. My documents, desktop files, some system files, files on my shared network drive all were renamed with the ".cry" extension. I have scanned the computer with the windows anti-virus and Malwarebytes and no threats were detected at all. No ransom messages, nothing. So I am stumped. The computer system restore backups are not not activated so I have no restore points. Has anyone encountered this issue? Link to post Share on other sites More sharing options...
Staff Malwarebytes Posted May 9, 2018 Staff ID:1241271 Share Posted May 9, 2018 ***This is an automated reply*** Hi, Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here help you!! Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know. First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details: Spoiler Malwarebytes can detect and remove most malware with no further actions required for free. If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below. Open Malwarebytes for Windows To the left, click Scan > Scan Types. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available. Click Start Scan Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool: Spoiler Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult. Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually. Finally, attach the Malwarebytes Threat Scan, FRST.txt and Additional.txt logs to your reply and Follow this topic to get notified when an expert has replied. Click "Reveal Hidden Contents" below for details.Note: If you are unable to attach files, please copy and past the contents of the requested files in your Reply instead. Spoiler To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button. After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by email when someone has replied to your post. Please Note the Following: One of our expert helpers will give you one-on-one assistance when one becomes available. Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here. Troubleshooting Tips FAQ - Malwarebytes won't run or failed to resolve my issues Groups authorized to help with Malware Removal for Windows logs Link to post Share on other sites More sharing options...
skid2964 Posted May 9, 2018 Author ID:1241278 Share Posted May 9, 2018 Update, I found quarantined items in Malwarebytes. Apparently it was the "Win32/Necne" Ransomware. It was removed but now I have all these encrypted files that still need to be decrypted. is this possible? Link to post Share on other sites More sharing options...
Aura Posted May 9, 2018 ID:1241343 Share Posted May 9, 2018 Hi skid2964 Can you upload an encrypted file, or a ransom note to ID-Ransomware, and provide me the report URL? https://id-ransomware.malwarehunterteam.com/ Link to post Share on other sites More sharing options...
skid2964 Posted May 10, 2018 Author ID:1241761 Share Posted May 10, 2018 Done... I uploaded an encrypted file. We never saw a ransom note. https://id-ransomware.malwarehunterteam.com/identify.php?case=434be18e541b569a58358113ff89309d5e5d3621 Link to post Share on other sites More sharing options...
Aura Posted May 10, 2018 ID:1241823 Share Posted May 10, 2018 Sadly as stated by ID-Ransomware, there's no way to decrypt the files that were encrypted by this Ransomware for free at the moment. The only thing you can do is restore them from a recent backup, if you have one. If you don't, backup your files somewhere safe, and hope that a free decryption solution will be released in the future. Were there any other issues to address, or that was it? Link to post Share on other sites More sharing options...
Aura Posted May 13, 2018 ID:1242672 Share Posted May 13, 2018 Hi skid2964, Are you still with me? Link to post Share on other sites More sharing options...
skid2964 Posted May 13, 2018 Author ID:1242683 Share Posted May 13, 2018 You say there is no "Free" decryption solution. Is there a paid solution? Link to post Share on other sites More sharing options...
Aura Posted May 13, 2018 ID:1242686 Share Posted May 13, 2018 The "Paid" solution would be to pay the ransom which we strongly recommend against as it: Encourage the crooks behing the Ransomware, financing their various criminal activities Also, there is a good chance that you'll either not receive your decryption key, or it will not work at all and there's no refund. You're dealing with criminals after all Though I understand that depending on the content of the files that were encrypted, you might have no other choice but to pay the ransom. That call is yours. Link to post Share on other sites More sharing options...
skid2964 Posted May 13, 2018 Author ID:1242687 Share Posted May 13, 2018 No, I will never pay the ransom. I will just save the files and hope for a solution later on. Thank you for your help. Link to post Share on other sites More sharing options...
Aura Posted May 13, 2018 ID:1242752 Share Posted May 13, 2018 No problem skid, you're welcome! Stay safe Link to post Share on other sites More sharing options...
Aura Posted May 15, 2018 ID:1243091 Share Posted May 15, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts